};
nat44_is_idle_session_ctx_t ctx;
- u32 cleared = 0;
-
if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
{
- if (PREDICT_FALSE
- (!(cleared = nat44_users_cleanup (thread_index, now))))
- {
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
- nat_elog_notice ("maximum sessions exceeded");
- return NAT_NEXT_DROP;
- }
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
+ nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
+ nat_elog_notice ("maximum sessions exceeded");
+ return NAT_NEXT_DROP;
}
key0.addr = key->l_addr;
sm->port_per_thread,
tsm->snat_thread_index))
{
- if (cleared || !nat44_out_of_ports_cleanup (thread_index, now) ||
- nat_alloc_addr_and_port_ed (sm->addresses, rx_fib_index,
- thread_index, key, &key1,
- sm->port_per_thread,
- tsm->snat_thread_index))
- {
- nat_elog_notice ("addresses exhausted");
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
- return NAT_NEXT_DROP;
- }
+ nat_elog_notice ("addresses exhausted");
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
+ return NAT_NEXT_DROP;
}
}
else
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
0, def_slow;
- u32 tcp_closed_drops = 0;
def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH :
NAT_NEXT_IN2OUT_ED_SLOW_PATH;
else
{
// session in transitory timeout, drop
- ++tcp_closed_drops;
b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TCP_CLOSED];
next0 = NAT_NEXT_DROP;
}
(f64) nat44_session_get_timeout (sm, s0);
if (now >= sess_timeout_time)
{
- // delete session
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
-
- // session no longer exists, go slow path
+ // session is closed, go slow path
next0 = def_slow;
goto trace0;
}